Step 1 - Enable Required Google Cloud API

1. Log in to the Google Cloud console with organization administrator credentials.

2. Start Cloud Shell by clicking the CLI icon on the right side of the bar.↓

3. In the shell interface, enter the following script to enable required API access, in all of the projects that Rezonate should protect.

4. Select a single project from which you will set the access to the Google Workspace API’s.

5. Open a new tab in the Cloud Shell interface.

6. Run the command to retrieve the ID of the current project:

7. Save the ID of this project and send it to Rezonate.

8. Run the following commands:

Appendix: List of APIs and their usage

Step 2 - Grant Rezonate Access to Your Google Cloud Organization

1. Head over to the IAM page. Use the organization/project drop-down list to choose your Organization.

2. Click Grant Access.

3. In the New Principals box, enter the email address provided by Rezonate - rezonate@rezonapp.iam.gserviceaccount.com, to establish trust between the organizations.

4. In the Role boxes, grant the new service account the following read-only roles, at the organization level:

   1. Browser

   2. Security Reviewer

   3. Viewer

5. Click Save.

8. Execute the following commands to retrieve your organization ID, and the list of all project IDs and filter the ones you want Rezonate to access: